Up until LCOS version 6.30, LANCOM Routers supported two local networks only: The intranet and the DMZ. For some applications, however, it may be desirable to realize more than one intranet and one DMZ with a LANCOM Router, for example to provide multiple IP networks with Internet access via a central router. As of LCOS version 7.00, LANCOM Routers support up to 64 different IP networks, depending on the model.
Various scenarios are possible when realizing multiple IP networks:
- One network per interface.
- Multiple networks per interface.
- Multiple VLANs per interface; one or more networks per VLAN (which corresponds with a combination of the first two scenarios).
The realization of these scenarios is facilitated by advanced routing and forwarding (ARF), which provides very flexible options in the definition of IP networks and the assignment of these networks to the interfaces. The diagram below illustrates the network/interface assignment at various levels. The configuration options applied here are described in the following chapters.
The assignment of IP networks to interfaces proceeds as follows:
- The various models have different numbers of physical interfaces, i.e. Ethernet ports or WLAN modules.
- The logical interface(s) is/are assigned to the physical interface:
- For the Ethernet ports, Ethernet port mapping assigns the physical ETH-1 to ETH-4 to the logical LAN-1 to LAN-4. Note: For some but not all models, the number of logical LAN interfaces corresponds to the number of physically available Ethernet ports.
- In the case of the WLAN modules, the establishment of point-to-point connections (P2P) and/or the use of Multi-SSID can mean that multiple WLAN interfaces are assigned to each physical WLAN module: Per module this may be up to eight WLAN networks and up to six P2P connections.
- These logical interfaces are further specified and grouped in the next stage:
- For devices supporting VLAN, multiple VLANs can be defined for each logical interface simply by using VLAN-IDs. Although the data traffic for the various VLANs flows via a common logical interface, the VLAN-ID ensures that the different VLANs remain strictly separated. From the perspective of the LANCOM Router the VLANs are completely separate interfaces, meaning that a single logical interface becomes multiple logical interfaces for the LANCOM Router, and each of these interfaces can be addressed individually.
- For devices with WLAN modules, the individual logical interfaces can be grouped together. This is handled by the LAN bridge, which regulates data transfer between the LAN and WLAN interfaces. The formation of bridge groups (BRG) allows multiple logical interfaces to be addressed at once, so that they appear as a single interface to the LANCOM Router—in effect achieving the opposite of the VLAN method.
- In the final stage, the ARF forms a connection between the logical interfaces with VLAN tags and the bridge groups on the one side, and the IP networks on the other. For this reason, an IP network is configured with a reference to a logical network (with VLAN-ID, if applicable) or to a bridge group. Furthermore, for each IP network an interface tag can be set, with which the IP network can be separated from other networks without having to use firewall rules.
The definition of routing tags for IP networks as described above is one of the main advantages of Advanced Routing and Forwarding. This option allows "virtual routers" to be realized. A virtual router only takes up a portion of the routing table by using interface tags for an IP network and therefore configures routing individually for this particular IP network. This method allows, for example, several default routes to be defined in the routing table, each of which is given a routing tag. Virtual routers in the IP networks use the tags to select the default route which applies to the IP network with the appropriate interface tag. The separation of IP networks via virtual routers even permits multiple IP networks with one and the same address range to be operated in parallel in just one LANCOM Router without problems.
For example: Within an office building, a number of companies have to be connected to the Internet via a central LANCOM Router, even though each of these companies has its own Internet provider. All of the companies want to use the popular IP network '10.0.0.0' with the netmask '255.255.255.0'. To implement these requirements, each company is given an IP network '10.0.0.0/255.255.255.0' with a unique name and a unique interface tag. In the routing table, a default route with the corresponding routing tag is created for each Internet provider. This allows the clients in the different company networks, all of which use the same IP addresses, to access the Internet via their own provider. Employing VLANs enables logical networks to be separated from one another even though they use the same physical medium (Ethernet).
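The office-building scenario above, modelled as an added example (this is not LCOS code and not LANCOM's implementation): two IP networks with the identical address range 10.0.0.0/24 are kept apart by their VLAN-ID and interface tag, and each one only sees the default route carrying its own routing tag. The network names, VLAN-IDs, tag values, provider names and the rule that a routing tag of 0 makes a route visible to every network are constructed assumptions for the model.

```python
from ipaddress import ip_address, ip_network

# Constructed IP network table: name -> (prefix, logical interface, VLAN-ID, interface tag).
# Both companies use the same 10.0.0.0/24 range; only VLAN-ID and tag tell them apart.
NETWORKS = {
    "COMPANY-A":  ("10.0.0.0/24",      "LAN-1", 10, 1),
    "COMPANY-B":  ("10.0.0.0/24",      "LAN-1", 20, 2),
    "SHARED-NET": ("192.168.100.0/24", "LAN-2", 0,  0),
}

# Constructed routing table: (prefix, router / target, routing tag).
# Assumption of this model: routing tag 0 means the route is visible to every network,
# any other tag only to networks whose interface tag matches it.
ROUTES = [
    ("0.0.0.0/0",        "INTERNET-PROVIDER-A", 1),
    ("0.0.0.0/0",        "INTERNET-PROVIDER-B", 2),
    ("192.168.100.0/24", "SHARED-NET",          0),
]

def source_network(interface, vlan_id):
    """Map an incoming frame's logical interface and VLAN-ID to the IP network it belongs to."""
    for name, (_, iface, vid, _) in NETWORKS.items():
        if iface == interface and vid == vlan_id:
            return name
    return None  # no IP network bound to this interface/VLAN combination

def lookup_route(network_name, dst):
    """Longest-prefix match over the portion of the routing table this 'virtual router' may see."""
    prefix, _, _, tag = NETWORKS[network_name]
    addr = ip_address(dst)
    if addr in ip_network(prefix):
        return network_name  # destination is in the source network itself: deliver directly
    best = None
    for route_prefix, target, route_tag in ROUTES:
        net = ip_network(route_prefix)
        if route_tag not in (0, tag) or addr not in net:
            continue  # route hidden from this network, or destination not covered
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, target)
    return best[1] if best else None

def route_frame(interface, vlan_id, dst):
    """Full decision for one frame: identify the network, then route within its tagged view."""
    name = source_network(interface, vlan_id)
    return None if name is None else lookup_route(name, dst)
```

Both companies send to the same Internet address, yet VLAN 10 traffic leaves via provider A and VLAN 20 traffic via provider B, while a tag-0 route to the shared network stays reachable from both.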